inspect
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes browser inspection tools to extract structural metadata (tags, IDs, and class names). The use of
mcp__chrome-devtools__evaluate_scriptis confined to a specific helper function for element identification, which is a standard requirement for its stated purpose.\n- [SAFE]: The skill involves an indirect prompt injection surface by reading content from DOM snapshots and local HTML files. However, the risk is negligible as it is intended for use on project artifacts during development.\n - Ingestion points: Browser snapshots from
.claude/last-snapshot.jsonand project HTML source files in theartifacts/directory.\n - Boundary markers: None explicitly mentioned in the skill definition.\n
- Capability inventory: The skill utilizes file system tools (
Read,Grep,Glob) and browser automation tools for element resolution.\n - Sanitization: The skill extracts data into structured formats rather than performing raw string interpolation of untrusted content into its own internal logic.
Audit Metadata